Abstract: This paper points out their shared defects by researching the security of the two recently-advanced certificateless proxy signature schemes.One is their irresistibility to impersonation attack against certificateless signature scheme II，that is，malicious-but-passive KGC can relegate the right to sign any message to any proxy signer by impersonating original signer，the other is the high likelihood of key-compromise of proxy signature.At last，the reasons for the success of impersonation attack have been analyzed and countermeasures against these attacks have been brought forward as well.

Key words: digital signature, proxy signature, certificateless, impersonation attack, key-compromise

摘要： 针对最近提出的两个无证书代理签名方案进行了安全性研究，指出其存在相同的安全性缺陷：无法抵抗无证书签名体制中类型II的敌手实施的假冒攻击，即恶意但被动的KGC可以假冒原始签名者将任何消息的代理签名权委托给代理签名者。同时也指出了另外一个缺陷，即代理签名者的代理签名密钥容易泄露。并分析了攻击成功的原因，给出了克服攻击的改进措施。

关键词: 数字签名, 代理签名, 无证书, 假冒攻击, 密钥泄露